1. Field of the Invention
The present invention is directed to technology for supporting multiple versions of an application program interface.
2. Description of the Related Art
With the growth of the Internet, the use of networks, and other information technologies, Identity Systems have become more popular. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to users, groups, organizations and/or things. For each entry in the data store, a set of attributes are stored. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more specific attributes, membership in a group and/or association with an organization.
In operation, Identity System applications frequently invoke client plug-in programs that reside outside of the Identity System. Each client program performs an operation that is not integrated into the Identity System. For example, the Identity System may invoke a client program to perform encryption and decryption.
The Identity System interacts with each client program through an application program interface (“API”). The application program interface defines how the Identity System and client program will exchange communications. For example, the application program interface may specify the format, fields, and protocols to employ when passing data between the Identity System and a client program. The concept of application program interfaces is well known in the art.
In some instances, it may be useful for an Identity System to support more than one application program interface. For example, a new version of an Identity System may support the following: 1) an old API that is compatible with a prior version of the Identity System, and 2) a new API that takes advantage of additional functionality in the new Identity System. This provides users with a backward compatible API for existing client programs and an API with enhanced capability for newly developed client programs.
It is desirable for the Identity System to support the appropriate application program interface to use with each client program. One existing approach provides a single application program interface with the ability to support both a current version of an API and prior versions of the API. This solution becomes unmanageable as the number of API revisions grows. In another solution, information exchanged between a main application and a client program includes a header that identifies the API. This solution has the drawbacks of adding overhead and requiring the client program to initiate communication with the main application to identify the API. Improved support for switching between application program interfaces would be beneficial.
Some Identity System users also employ an Access Systems. An Access System provides for the authentication and authorization of users attempting to access resources. For efficiency purposes, there is an advantage to integrating the Identity System and the Access System. For example, both systems may utilize a single set of group objects that identify user membership in various groups. Additionally, integrating the Identity System and the Access System allows for single-sign-on functionality across multiple resources. Thus, there is also a need to support multiple application program interfaces in an Access Systems and integrated Identity/Access Systems. Systems other than Identity and Access Systems can also benefit from supporting multiple application program interfaces.